The struggle to secure Point of Sale

Data breaches continue to occur, and hackers are still after payment card data.

The problem is simple: Many businesses rely too heavily on traditional infrastructure and outdated practices that fail to prevent cybercriminals from circumventing firewalls.

The solution: Migrate to EMV and leverage middleware that supports tokenization and point-to-point encryption. And perhaps more importantly, ensure that the company implementing the relevant technology is a qualified integrator and reseller (QIR).

Oddly enough, one study from Vormetric revealed roughly 89 percent of retail security professionals are not confident in their abilities to secure POS systems and relevant data, yet spending on breach prevention hasn't been prioritized. Simply put, there needs to be a shift in the paradigm here. 

First, it will help to understand what QIR qualifications entail and how these entities are impacting the bottom line of security for organizations. 

QIR's place in POS security
Security failures caused by poor implementation work from inexperienced installers are on the rise, leading to high-profile data breaches that cause severe damage for merchants.

Lackluster firewalls and unsecured remote desktop applications have been among the most common problem areas when an inexperienced installer is used. QIR qualification is critical to POS providers - both those that act as value-added resellers and independent software vendors.

QIR qualification entails training and certification to ensure that POS providers are maintaining PCI compliance over time, reducing the likelihood of data breaches. For example, the POS breach at the Hard Rock Hotel & Casino in May might have been prevented had the right solutions been deployed correctly ahead of the attack. 

POS providers cannot shy away from the value and importance of this qualification. Respecting QIR will help to drive home the value of middleware deployments that support P2PE and tokenization. 

POS Mobility security best practices
The most competitive providers of payment applications with mobile components have increased their commitment to security. However, POS providers cannot overlook their own security strategies.

Here are a few areas to focus on to ensure the strongest possible security, especially when shopping for a middleware/payments partner.

  • Interoperability: Should mobile extensions for POS not be entirely compatible with existing POS environments, optimal security would be impossible to achieve. Clean integrations are key to simplified installations.
  • Data explosion: Payments are generating more diverse data sets, as well as higher volumes, while the entirety of that information needs to be protected from threats at all times - whether in storage or transit. Mobile POS data is no doubt valuable from an analysis perspective, but security has to come first.  
  • Encryption and tokenization: It goes without saying that securing mobile POS devices today is quite similar to securing traditional POS stations. In that regard, it's clear that P2PE and tokenization are the solution to protecting all POS data. POS providers need to make those two security practices a priority.

Today's security demands are far more complex than those of the past - and far more important, for that matter. Everything needs to be in its right place, and POS providers can ensure that they are positioned properly to excel in the market by making a better decision on payments integration.

Striking the right chord
At the end of the day, the most sure-fire way to ensure ongoing PCI compliance and data security is to choose the right integrated payments provider. Some of the hallmarks of a strong middleware/payments partner include:

  • Ability to remove the POS from scope of PA-DSS (out-of-scope)
  • P2PE and tokenization support
  • Strong, clean track records
  • Mature code
  • Variety of partners
  • Enablement of various POS formats, including cloud, Windows, Embedded, Mobile, etc.
  • Support for a wide variety of POS hardware, allowing for flexibility for installers

Choosing the right payments middleware partner will allow POS providers to put payments into the sure hands of the professionals that devote all of their time to those critical measures. As a result, not only will security and performance at large be improved significantly, the POS provider will also be able to focus on POS-specific development and improvements to strengthen their offering in their respective marketplaces. 

Considering how quickly competition is scaling up in Point of Sale, the freedom and resource availability necessary to innovate and focus on core services is invaluable. 

 
